A typical approach (though unfortunately undocumented (we should really add this to the wiki somewhere)) is to do something like this (see /usr/lib/libvirt/virt-aa-helper -h for more info; -u/--uuid is of form 'libvirt-<domuuid>'):

If profile does not exist:

    export VM=foo ; virsh dumpxml $VM | sudo /usr/lib/libvirt/virt-aa-helper -c -u libvirt-`virsh domuuid $VM`

If profile already does exist:

    export VM=foo ; virsh dumpxml $VM | sudo /usr/lib/libvirt/virt-aa-helper -r -u libvirt-`virsh domuuid $VM`

So, I saved your xml to /tmp/xml, then did:

    cat /tmp/xml | sudo /usr/lib/libvirt/virt-aa-helper -c -u libvirt-6445bf42-7513-985a-7920-9e89a4c42ffe
    virt-aa-helper: warning: path does not exist, skipping file type checks
    virt-aa-helper: error: /lib4/vmpool1/myhost.org-sda.raw
    virt-aa-helper: error: skipped restricted file
    virt-aa-helper: error: invalid VM definition

What is happening is that virt-aa-helper does some safety checks and notices that the disk (a writable file) is in the non-standard directory that starts with /lib, so it skips the file. Because this file is the disk, it fails with 'invalid VM definition'.

The bad news is that the restricted file checks are hardcoded in the source code for virt-aa-helper. The good news is that if you move it somewhere else (eg, /srv/vmpool1/myhost.org-sda.raw) it should work fine and you will be able to retain the guest isolation security that the apparmor driver provides (virt-aa-helper is a bit noisy since I don't have the disk present, but note that is not an error condition). Eg, making the change to the xml:

    $ cat /tmp/xml | sudo /usr/lib/libvirt/virt-aa-helper -c -u libvirt-6445bf42-7513-985a-7920-9e89a4c42ffe
    virt-aa-helper: warning: path does not exist, skipping file type checks
    2012-12-29 19:30:27.679+0000: 10245: info : libvirt version: 0.9.13
    2012-12-29 19:30:27.679+0000: 10245: warning : virDomainDiskDefForeachPath:14691 : Ignoring open failure on /srv/vmpool1/myhost.org-sda.raw: No such file or directory
    $ sudo aa-status | grep libvirt-6445bf42-7513-985a-7920-9e89a4c42ffe
       libvirt-6445bf42-7513-985a-7920-9e89a4c42ffe

https://bugs.launchpad.net/bugs/799997

Title:
  error happen when using virsh to start a vm " internal error cannot generate AppArmor profile"
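
An added example, not part of the original message and not libvirt's own code: a pre-flight check that lists disk paths in a domain XML that fall under a restricted prefix, so the problem shows up before virt-aa-helper rejects the definition. The prefix list holds only "/lib" (the one case the message confirms), and the sample XML and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: only "/lib" is confirmed by the message above. The real list is
# hardcoded in virt-aa-helper's source; extend this tuple from the source of
# the libvirt version you run.
RESTRICTED_PREFIXES = ("/lib",)

# Constructed sample: minimal domain XML using the disk path from the report.
SAMPLE_XML = """
<domain type='kvm'>
  <name>foo</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/lib4/vmpool1/myhost.org-sda.raw'/>
      <target dev='sda'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/srv/iso/install.iso'/>
      <target dev='hdc'/>
      <readonly/>
    </disk>
  </devices>
</domain>
"""

def disk_sources(domain_xml):
    """Yield (path, writable) for every file- or block-backed disk."""
    root = ET.fromstring(domain_xml)
    for disk in root.iterfind("./devices/disk"):
        src = disk.find("source")
        if src is None:
            continue  # e.g. an empty CD-ROM drive
        path = src.get("file") or src.get("dev")
        if path:
            # writable is reported for context only; it does not affect the match
            yield path, disk.find("readonly") is None

def restricted_disks(domain_xml, prefixes=RESTRICTED_PREFIXES):
    """Return disks whose path starts with a restricted prefix.

    This is a plain string-prefix comparison, matching the message's
    description of a directory that "starts with /lib": /lib4/... is caught.
    """
    return [(p, rw) for p, rw in disk_sources(domain_xml)
            if p.startswith(tuple(prefixes))]

if __name__ == "__main__":
    for path, writable in restricted_disks(SAMPLE_XML):
        mode = "rw" if writable else "ro"
        print(f"restricted ({mode}): {path} -> move it, e.g. under /srv")
```

To check a real guest, pass the output of `virsh dumpxml $VM` to `restricted_disks()` instead of the sample.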